The situation that the business of internet banking can’t interact as the double export problem of USG2110 - F

Publication Date: 2012-09-24Views: 167Downloads: 0

Issue Description

The customer using two ADSL dialing port of the USG2110 - F (V100R003 ) access the Internet at one site, realize the Internet and find a bank online banking cannot interact, but other network business visit is normally. Then go around the firewall and dial the computer ADSL, internet banking interaction become normal.

Alarm Information

none

Handling Process

1, check the firewall configuration, find that two Dialer port joined the different security domain. Configure the NAT to the internal network respectively and configure two default equal-cost route;
2, Using a PC access the internet banking business and check session table. Find two Dialer ports of the public IP address configure the NAT translation.
3, Pull out one of the physical interface wire binding by Dialer port and check the routing table only having a default route. Right now, can access the internet banking successfully and make online payment;
4, Then define the problem. It is recommended that specify an Internet export for different network segment users when clients do the policy-based routing.

Root Cause

1 When access internet banking business, two export addresses are used, resulting in business blocking